IIS Best Practices

06/20/2012

4 minutes to read

In this article

For a very long time, I have been asked for a document on IIS best practices. There are some blogs/articles on the Internet but I could not find a complete one. Actually, the main problem here is that there can not be “best practices” for a web server. A web server is just a hosting platform for applications, and, each and every application has its own needs. Therefore, in many cases, you will not have one universal best practice.

Having these said, I tried to gather a list of things one should check while configuring an IIS server (and an application on IIS). I should say that these are my own thoughts based on my own experience. It is very likely that you will find some resources mentioning just the opposite of what I say.

NOTE: Some of the links I provided below refer to content in Turkish because I usually blog in Turkish.

Application pool configuration

Create one application pool for each application. You might consider grouping applications to pools if there are too many applications and/or sites hosted, for administration and management purposes.

Turn on as many fields as possible (at least defaults + sc-bytes and cs-bytes on IIS 7.x)

Monitor disk usage as the logs might grow quite fast

Schedule scripts to archive older logs

Use "Advanced Logging" module if you need to log extra fields. If you have an NLB device which NATs (causing the client IP to be hidden from IIS servers), consider using both default logs and "advanced logs":
Advanced Logginghttp://www.iis.net/download/AdvancedLogging